We are looking for a Senior Security Researcher to work on source code review, fuzzing, penetration testing of applications, and code / vulnerability remediation support.ResponsibilitiesWork as a key security researcher within an elite engineering team delivering industry-leading blockchain protocols and…
We are looking for a GRC Specialist to lead the programs within the GRC team, serving in a mentor role, acting as a subject matter expert for Information Security (consulting to technical and non-technical management and the user community), and performing key risk management functions within the Security Governance department. Primary functions include lifecycle management of client responses, Security Vendor Risk program management, Security Awareness, Policy & Standards lifecycle management, Controls Assurance, and GRC platform and program management.
- Help oversee, evaluate, and support the documentation, validation, assessment, and authorization processes necessary to assure that existing and new information technology (IT) systems meet the organization's cybersecurity and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives.
- Consult with stakeholders to gather and evaluate functional requirements. Provide guidance to stakeholders about applicability of information systems to meet business needs.
- Serve as a subject matter expert for Information Security, consulting to technical management non-technical management, and Legal as necessary.
- Plans, prepares, and executes tests of systems to evaluate results against specifications and requirements as well as analyze/report test results.
- Develop and maintain cybersecurity plans, strategy, and policy to support and align with organizational cybersecurity initiatives and regulatory compliance. Define and participate in long-term strategy and planning for GRC programs.
- Conduct evaluations of controls of internal IT program or its individual components to determine compliance with required company policies and compliance standards.
- Assist in the management and support of the GRC technology and Security Governance solutions. Create and maintain system, procedural and support documentation.
- Manage and support the third party security vendor risk management program and lifecycle.
- Document and perform risk assessments for third-parties (e.g., vendors and service providers). Respond to security assessments, questionnaires and audits from clients and third-party business partners.
- Assist in the creation and maintenance of security policies, standards, processes and guidelines for approval by Firm management. Evaluate exception requests and make approval recommendations to management.
- Help lead and oversee the lifecycle of the Security Awareness program. This includes roadmap development, plan, coordinate, measure, and evaluate cyber training/education courses, methods, and techniques based on instructional needs.
- Ability to perform as primary Security Subject Matter Expert (SME) in a senior or lead capacity.
- Ability to facilitate and lead internal project and/or 3rd party vendor risk assessments with relative independence and provide guidance on secure design and operation.
- Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm’s security program and controls.
- Ability to communicate an effective security awareness message throughout the organization.
- Demonstrate ability to create and maintain security policy, standard, guideline and procedure documents.
- Demonstrate ability to effectively communicate deeply technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users.
- Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG
- Experience (Administration or Management) in GRC platforms.
About Block.one LLC
Block.one LLC is a creator of Decentralized Autonomous Corporations (DACs), a concept introduced by CTO Daniel Larimer in 2014 that empowers open source communities to disrupt existing centralized business models. Currently we, along with others globally, are developing EOSIO, a revolutionary open-source decentralized blockchain infrastructure that will be used worldwide as the basis for developing countless high-throughput blockchain applications. We are looking for extraordinary technology professionals to join the Block.one LLC team in our continuing quest to enhance, refine and scale EOSIO for our rapidly expanding developer community.
Published by Block.one, EOSIO is a blockchain protocol that enables horizontal scaling of decentralized applications, allowing developers to efficiently create high performance distributed applications. The EOSIO software provides accounts, authentication, databases, and the scheduling of applications across multiple CPU cores and/or clusters. This allows for horizontal scalability, replaces user fees with an ownership model, and powers simple deployment of decentralized applications. Check out the EOSIO GitHub repository to read our source code and, for more information, visit the resources section of the EOSIO website.